Man-in-the-Middle Attack on T-Mobile Wi-Fi Calling

We discovered a vulnerability which would allow attackers to eavesdrop on and even modify calls and text messages sent via T-Mobile's "Wi-Fi Calling" feature. The feature, which we estimate is installed on millions of T-Mobile Android smartphones, allows customers to make and receive calls and text messages even when they don't have cellular reception.

We notified T-Mobile of our findings in December 2012, and have worked with Darren Kress, T-Mobile's senior manager for Mobile Assurance and Product Security, to confirm and fix the problem. T-Mobile reports that, as of March 18, all affected customers have received the security update fixing this vulnerability.

We are Jethro Beekman and Christopher Thompson, current UC Berkeley graduate students in EECS. In the course of our analysis of the Wi-Fi Calling feature, we found that when an affected phone connected to a server via T-Mobile's Wi-Fi Calling feature, it did not correctly validate the server's security certificate, exposing calls and text messages to a "man-in-the-middle" attack. Without this proper verification, hackers could create a fake certificate and pretend to be the T-Mobile server. This would allow attackers to listen to and modify traffic between a phone and the server, allowing them to intercept and decrypt voice calls and text messages sent over Wi-Fi Calling.

The simplest way to become a man-in-the-middle would be for the attacker to be on the same open wireless network as the victim, such as at a coffee shop or other public space.

To discover and implement the attack, we reverse engineered the Wi-Fi Calling feature, which uses a standard voice-over-IP protocol (SIP) over an encrypted connection (TLS).

The update to fix this vulnerability, which we have independently verified, is now included with T-Mobile's Wi-Fi Calling application.

Technical Report

We have made a technical report covering the vulnerability and the man-in-the-middle attack in more detail available online.